chris

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2008-4965 Upstream summary: liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files. […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2026-45184 Upstream summary: Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2021-20199 Upstream summary: Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2016-6582 CVE-2018-1000088 CVE-2018-1000211 CVE-2020-10187 CVE-2023-34246 Upstream summary: The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-0027 Upstream summary: The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 12 (bookworm) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2003-1053 CVE-2005-0117 Upstream summary: Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2017-11311 CVE-2018-10017 CVE-2018-11710 CVE-2018-20860 CVE-2018-20861 CVE-2018-6611 CVE-2019-14380 CVE-2019-14381  +3 more Upstream summary: soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 11 (bullseye) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2002-0658 Upstream summary: OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. Table of […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2023-43646 Upstream summary: get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a […]

🟢 Low   ⏱ 5–15 min  Last verified: 25 May 2026 Affected versions: Debian 13 (trixie) 📖 ~4 min read  •  Source: Debian Security Tracker Related CVEs: CVE-2014-5444 CVE-2020-24661 Upstream summary: Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote […]